[4.4,0/4] Bluetooth: hci_sock: Fix possible OOB write in create_monitor_event

Message ID 20240111190658.153488-1-theflamefire89@gmail.com (mailing list archive)

Message

Alexander Grund Jan. 11, 2024, 7:06 p.m. UTC
From: Alexander Grund <flamefire89@gmail.com>

This basically fixes the `memcpy(dst, src, strlen(src))`
where dst is a fixed size array and hence the copy can overflow it.

The changes to string[.h] introduce the required function.
The first commit (initially introducing it) uses some fortification
checks & macros not available in 4.4 which I kept in as they get
removed in the very next commit.
I also included the fixup commit moving it out of the header although
I'm not sure this is strictly required in 4.4. But it doesn't hurt either.

Guenter Roeck (1):
  string: uninline memcpy_and_pad

Kees Cook (1):
  Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX
    name

Martin Wilck (2):
  string.h: add memcpy_and_pad()
  string.h: un-fortify memcpy_and_pad

 include/linux/string.h   |  3 +++
 lib/string_helpers.c     | 20 ++++++++++++++++++++
 net/bluetooth/hci_sock.c |  3 ++-
 3 files changed, 25 insertions(+), 1 deletion(-)
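
The overflow pattern named in the cover letter and the bounded, padded copy that replaces it, as an added userspace example that is not part of the posted series or the kernel source. `memcpy_and_pad_model`, `struct event`, the guard byte and the 8-byte `NAME_LEN` are constructed for illustration; the model follows the argument order of the kernel's `memcpy_and_pad(dest, dest_len, src, count, pad)`.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8 /* constructed field size for this example */

/* Hypothetical event record: fixed-size name followed by other data. */
struct event {
    char name[NAME_LEN];
    unsigned char guard; /* stands in for whatever follows name[] */
};

/* Userspace model: copy at most dest_len bytes, pad the rest of dest. */
static void memcpy_and_pad_model(void *dest, size_t dest_len,
                                 const void *src, size_t count, int pad)
{
    if (dest_len > count) {
        memcpy(dest, src, count);
        memset((char *)dest + count, pad, dest_len - count);
    } else {
        memcpy(dest, src, dest_len);
    }
}

/* Bytes that memcpy(dst, src, strlen(src)) would write past name[]. */
size_t unbounded_overrun(const char *src)
{
    size_t n = strlen(src);
    return n > NAME_LEN ? n - NAME_LEN : 0;
}

/* Bounded fill of ev->name; returns 1 if the guard byte is intact. */
int fill_name(struct event *ev, const char *src)
{
    const char *nul = memchr(src, '\0', NAME_LEN);
    size_t len = nul ? (size_t)(nul - src) : NAME_LEN; /* capped length */
    ev->guard = 0xAA;
    memcpy_and_pad_model(ev->name, sizeof(ev->name), src, len, '\0');
    return ev->guard == 0xAA;
}

int main(void)
{
    struct event ev;
    const char *names[] = { "hci0", "hci-long-name-123" }; /* constructed */
    for (int i = 0; i < 2; i++)
        printf("%s: overrun=%zu guard_ok=%d\n", names[i],
               unbounded_overrun(names[i]), fill_name(&ev, names[i]));
    return 0;
}
```

When the source is at least as long as the field, the bounded copy fills all of `name[]` and leaves no NUL terminator, so consumers have to read it as a fixed-width field.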

Comments

Pavel Machek Jan. 15, 2024, 8:05 p.m. UTC | #1
Hi!

Series looks ok to me (with missing "upstream" annotation). Uli, will
you handle this?

Best regards,
								Pavel
Ulrich Hecht Jan. 29, 2024, 2:04 a.m. UTC | #2
> On 01/11/2024 8:06 PM CET Alexander Grund <theflamefire89@gmail.com> wrote:
> From: Alexander Grund <flamefire89@gmail.com>
> 
> This basically fixes the `memcpy(dst, src, strlen(src))`
> where dst is a fixed size array and hence the copy can overflow it.

Thank you, applied.

CU
Uli
Ulrich Hecht Jan. 29, 2024, 2:06 a.m. UTC | #3
> On 01/15/2024 9:05 PM CET Pavel Machek <pavel@denx.de> wrote:
> Series looks ok to me (with missing "upstream" annotation). Uli, will
> you handle this?

Will do.

CU
Uli